CVE-2021-3719
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Una posible vulnerabilidad en la función SMI callback que guarda y restaura las tablas de scripts de arranque usadas para reanudar desde el estado de suspensión en algunos modelos ThinkCentre y ThinkStation puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario
*Credits:
Lenovo thanks Jiawei Yin(@yngweijw), Menghao Li, and Chengxi, Chen of IIE varas for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-08-18 CVE Reserved
- 2021-11-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-67440 | 2021-11-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkcentre E93 Firmware Search vendor "Lenovo" for product "Thinkcentre E93 Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkcentre E93 Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre E93 Search vendor "Lenovo" for product "Thinkcentre E93" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M600 Firmware Search vendor "Lenovo" for product "Thinkcentre M600 Firmware" | < m00kt65a Search vendor "Lenovo" for product "Thinkcentre M600 Firmware" and version " < m00kt65a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M600 Search vendor "Lenovo" for product "Thinkcentre M600" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M700 Tiny Firmware Search vendor "Lenovo" for product "Thinkcentre M700 Tiny Firmware" | < fwktb9a Search vendor "Lenovo" for product "Thinkcentre M700 Tiny Firmware" and version " < fwktb9a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M700 Tiny Search vendor "Lenovo" for product "Thinkcentre M700 Tiny" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M73 Firmware Search vendor "Lenovo" for product "Thinkcentre M73 Firmware" | < fhkt86a Search vendor "Lenovo" for product "Thinkcentre M73 Firmware" and version " < fhkt86a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M73 Search vendor "Lenovo" for product "Thinkcentre M73" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M73p Firmware Search vendor "Lenovo" for product "Thinkcentre M73p Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkcentre M73p Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M73p Search vendor "Lenovo" for product "Thinkcentre M73p" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M800 Firmware Search vendor "Lenovo" for product "Thinkcentre M800 Firmware" | < fwktb9a Search vendor "Lenovo" for product "Thinkcentre M800 Firmware" and version " < fwktb9a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M800 Search vendor "Lenovo" for product "Thinkcentre M800" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M818z Firmware Search vendor "Lenovo" for product "Thinkcentre M818z Firmware" | < m1ekt23a Search vendor "Lenovo" for product "Thinkcentre M818z Firmware" and version " < m1ekt23a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M818z Search vendor "Lenovo" for product "Thinkcentre M818z" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M83 Firmware Search vendor "Lenovo" for product "Thinkcentre M83 Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkcentre M83 Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M83 Search vendor "Lenovo" for product "Thinkcentre M83" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M900 Firmware Search vendor "Lenovo" for product "Thinkcentre M900 Firmware" | < fwktb9a Search vendor "Lenovo" for product "Thinkcentre M900 Firmware" and version " < fwktb9a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M900 Search vendor "Lenovo" for product "Thinkcentre M900" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M900x Firmware Search vendor "Lenovo" for product "Thinkcentre M900x Firmware" | < fwktb9a Search vendor "Lenovo" for product "Thinkcentre M900x Firmware" and version " < fwktb9a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M900x Search vendor "Lenovo" for product "Thinkcentre M900x" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M93 Firmware Search vendor "Lenovo" for product "Thinkcentre M93 Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkcentre M93 Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M93 Search vendor "Lenovo" for product "Thinkcentre M93" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M93p Firmware Search vendor "Lenovo" for product "Thinkcentre M93p Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkcentre M93p Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M93p Search vendor "Lenovo" for product "Thinkcentre M93p" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M4500q Firmware Search vendor "Lenovo" for product "Thinkcentre M4500q Firmware" | < fhkt86a Search vendor "Lenovo" for product "Thinkcentre M4500q Firmware" and version " < fhkt86a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M4500q Search vendor "Lenovo" for product "Thinkcentre M4500q" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M6500t\/s Firmware Search vendor "Lenovo" for product "Thinkcentre M6500t\/s Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkcentre M6500t\/s Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M6500t\/s Search vendor "Lenovo" for product "Thinkcentre M6500t\/s" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre M8500t\/s Firmware Search vendor "Lenovo" for product "Thinkcentre M8500t\/s Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkcentre M8500t\/s Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre M8500t\/s Search vendor "Lenovo" for product "Thinkcentre M8500t\/s" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkcentre X1 Firmware Search vendor "Lenovo" for product "Thinkcentre X1 Firmware" | < m0hkt50a Search vendor "Lenovo" for product "Thinkcentre X1 Firmware" and version " < m0hkt50a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkcentre X1 Search vendor "Lenovo" for product "Thinkcentre X1" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkstation P300 Firmware Search vendor "Lenovo" for product "Thinkstation P300 Firmware" | < fbktdfa Search vendor "Lenovo" for product "Thinkstation P300 Firmware" and version " < fbktdfa" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkstation P300 Search vendor "Lenovo" for product "Thinkstation P300" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkstation P500 Firmware Search vendor "Lenovo" for product "Thinkstation P500 Firmware" | < a4ktaba Search vendor "Lenovo" for product "Thinkstation P500 Firmware" and version " < a4ktaba" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkstation P500 Search vendor "Lenovo" for product "Thinkstation P500" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkstation P700 Firmware Search vendor "Lenovo" for product "Thinkstation P700 Firmware" | < a5ktaba Search vendor "Lenovo" for product "Thinkstation P700 Firmware" and version " < a5ktaba" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkstation P700 Search vendor "Lenovo" for product "Thinkstation P700" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkstation P900 Firmware Search vendor "Lenovo" for product "Thinkstation P900 Firmware" | < a6ktaba Search vendor "Lenovo" for product "Thinkstation P900 Firmware" and version " < a6ktaba" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkstation P900 Search vendor "Lenovo" for product "Thinkstation P900" | - | - |
Safe
|